Password protected directory listing

Hello, how would I go about requiring HTTP basic auth on browse's directory listings, while leaving the files themselves accessible without auth?

I have tried to use rewriting and proxying to “fall back” to another port on which I have browse and basicauth enabled but it seems the rewriting happens after the proxy’s base path is matched, or mismatched in this case, and the alternate port never receives a request.

example.com {
    root /srv/http/images
    rewrite {
        if {path} ends_with /
        to {path} /idx{path}
    }
    proxy /idx http://127.0.0.1:15317 {
        without /idx
    }
}

http://127.0.0.1:15317 {
    root /srv/http/images
    browse /
    basicauth / codl hunter2
}

Hi @codl,

For reference, the current order of execution of directives is here:

https://github.com/mholt/caddy/blob/1125a236eabb61bbccb5b6a1af1a48e39da59a20/caddyhttp/httpserver/plugin.go#L447-L522

rewrite does happen before basicauth, which happens before proxy.

You can use log / access.log "{common} /// {rewrite_uri}", which will log the result of the rewrite so you can compare it with what you expect for any given request.

I note that to {path} /idx{path} means that a request for a folder that DOES exist on disk will be rewritten to {path}, because it exists, rather than /idx{path} (the log directive will likely confirm this with some quick tests). I suspect you’d rather it rewrite existing directories to the proxy, so you could probably just remove the first {path}.
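The target-selection behaviour described in the reply above, as an added example that is not part of the original thread and is not Caddy's own code: a simplified Python model of how `to` picks the first target that exists on disk and otherwise falls back to the last one. The function names, the `auth-backend`/`front-site` labels and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile

def valid_file(root, url_path):
    """True if url_path exists under root; directories must end with '/'."""
    full = os.path.join(root, url_path.lstrip("/"))
    if os.path.isdir(full):
        return url_path.endswith("/")
    return os.path.isfile(full) and not url_path.endswith("/")

def rewrite(root, targets, req_path):
    """Model of: rewrite { if {path} ends_with / ; to <targets> }."""
    if not req_path.endswith("/"):
        return req_path                  # `if` condition not met: no rewrite
    chosen = req_path
    for target in targets:
        chosen = target.replace("{path}", req_path)
        if valid_file(root, chosen):
            break                        # first existing target wins
    return chosen                        # otherwise the last target is the fallback

def handler(rewritten):
    """Which site answers: the /idx proxy (browse + basicauth) or the front site."""
    return "auth-backend" if rewritten.startswith("/idx") else "front-site"

def demo():
    with tempfile.TemporaryDirectory() as root:   # constructed sample tree
        os.makedirs(os.path.join(root, "cats"))
        open(os.path.join(root, "cats", "a.png"), "w").close()
        original = ["{path}", "/idx{path}"]       # as posted in the question
        fixed = ["/idx{path}"]                    # after removing the first {path}
        results = {}
        for name, targets in (("original", original), ("fixed", fixed)):
            for req in ("/cats/", "/missing/", "/cats/a.png"):
                results[(name, req)] = handler(rewrite(root, targets, req))
        return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

With the original targets, a directory that exists never reaches the authenticated listing backend; with the single `/idx{path}` target every request ending in `/` does, while plain file requests stay on the unauthenticated front site.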

Thank you! This did the trick
